#!/bin/bash

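# Builds a small PKI in the current directory: a self-signed root CA plus one
# server and one client certificate signed through `openssl ca`.
# Reads ca.config, server.config and client.config from the working directory.
# NOTE(review): server.config/client.config presumably point `openssl ca` at
# the root-ca.* database files and root-ca-key.pem created here; confirm.

# Stop at the first failing step so a broken CA/CSR step is never followed by
# signing operations against stale or partial state.
set -euo pipefail

# Every key below is written unencrypted (-nodes). Create all output
# owner-only so the key files are never readable by other local users,
# whatever the caller's umask or the OpenSSL version in use. The certificates
# also end up owner-only; chmod them afterwards if another account must read
# them.
umask 077

# CA database files consulted by `openssl ca`.
mkdir -p new_certs
touch root-ca.index
touch root-ca.index.attr
printf '00\n' > root-ca.crlnum
# Random 128-bit starting serial instead of a predictable counter.
openssl rand -hex 16 > root-ca.serial

# Create the self-signed root certificate.
# root-ca-key.pem is the trust anchor's private key and is stored in the
# clear: anyone who can read it can issue certificates under this root.
openssl req -config ca.config -new -x509 -sha256 -newkey rsa:2048 -nodes \
    -keyout root-ca-key.pem -days 365 -out root-ca.pem

# Create the signing request for the server.
# No -days here: `openssl req` ignores it unless -x509 is given; the validity
# period is set by `openssl ca` below.
openssl req -config server.config -new -sha256 -newkey rsa:2048 -nodes \
    -keyout server-key.pem -out server-request.pem

# Create the signed certificate for the server.
# -batch signs without the interactive confirmation prompt; the request being
# signed is the one generated by the previous step.
openssl ca -config server.config -batch -days 365 -extensions server_ext \
    -out server-cert.pem -infiles server-request.pem

# Create the signing request for the client (no -days, as for the server).
openssl req -config client.config -new -sha256 -newkey rsa:2048 -nodes \
    -keyout client-key.pem -out client-request.pem

# Create the signed certificate for the client.
openssl ca -config client.config -batch -days 365 -extensions client_ext \
    -out client-cert.pem -infiles client-request.pem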
